Using security is optional - non-secured clusters are supported, as well as a mix of authenticated, unauthenticated, encrypted and non-encrypted clients. The following security features are currently supported on the Confluent Platform Docker images:

When you enable security for the Confluent Platform, you need to pass secrets (credentials, certificates, keytabs, Kerberos config, etc.) to the container. The images handle this by expecting the credentials to be available in the secrets directory. We specify a Docker volume for secrets and expect the admin to map it to a directory on the host that contains the required secrets.

Running containers with arbitrary User IDs

The images can be run with arbitrary User IDs. This provides an additional security layer against processes achieving escalated permissions on the host node by escaping the container if there is a container engine vulnerability.
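
The host-mapped secrets directory and arbitrary User IDs interact: the files must be readable by the UID/GID the container runs as, without being open to every other account on the host. The following pre-mount check is an added example, not part of the Confluent images or documentation. The function name, the finding labels, and the UID/GID values passed in are assumptions, and the check ignores ACLs, supplementary groups, and directory traversal bits.

```shell
#!/bin/sh
# Added example (not Confluent code): audit a host secrets directory before
# mapping it into a container that runs with an arbitrary UID/GID.
# Usage: audit_secrets_dir <host-secrets-dir> <run-uid> <run-gid>
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_secrets_dir() {
    asd_dir=$1; asd_uid=$2; asd_gid=$3
    if [ ! -d "$asd_dir" ]; then
        echo "MISSING $asd_dir"
        return 1
    fi
    asd_out=$(
        # Any "other" permission bit exposes the secret to every host account.
        find "$asd_dir" -type f \
            \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'OTHER_ACCESS %s\n' {} \;
        # Files the container user could not read, following the usual
        # owner -> group -> other order of Unix permission checks.
        # (UID 0 normally bypasses these checks, so this matters most
        # for the non-root, arbitrary-UID case.)
        find "$asd_dir" -type f \( \
            \( -user "$asd_uid" ! -perm -400 \) -o \
            \( ! -user "$asd_uid" -group "$asd_gid" ! -perm -040 \) -o \
            \( ! -user "$asd_uid" ! -group "$asd_gid" ! -perm -004 \) \
            \) -exec printf "UNREADABLE_BY_$asd_uid:$asd_gid %s\n" {} \;
    )
    [ -z "$asd_out" ] && return 0
    printf '%s\n' "$asd_out"
    return 1
}

# Run the audit only when arguments are supplied on the command line.
if [ "$#" -ge 3 ]; then
    audit_secrets_dir "$1" "$2" "$3"
fi
```

A clean result for a file with mode 0640 means the run GID matches the file's group; granting access through the group rather than the "other" bits keeps the secrets readable to an arbitrary UID without making them world-readable on the host.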